[JBoss JIRA] (WFLY-6532) AdvancedLdapLoginModule with rolesCtxDN="" can lead to authentication failure
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFLY-6532?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-6532:
-------------------------------
Affects Version/s: 10.0.0.Final
> AdvancedLdapLoginModule with rolesCtxDN="" can lead to authentication failure
> -----------------------------------------------------------------------------
>
> Key: WFLY-6532
> URL: https://issues.jboss.org/browse/WFLY-6532
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> If AdvancedLdapLoginModule is correctly configured for authentication and its attribute rolesCtxDN="", then authentication can fail. This happens when any role is found in LDAP by the role search. It is caused by the {{canonicalize}} method, which for an empty rolesCtxDN returns a string that ends with a comma, which is an invalid name for searching LDAP.
> In the correct behavior, authentication should pass and the found roles should be assigned to the user.
> When no role is found, authentication succeeds, which is correct behavior.
> Thrown exception:
> {code}
> javax.naming.InvalidNameException: cn=Echo,ou=Roles2,o=AdvancedLdapLMEmptyRolesCtxDnOptionTestCasee7b6b29d,o=primary,dc=jboss,dc=org,: [LDAP: error code 34 - Invalid root Dn given : cn=Echo,ou=Roles2,o=AdvancedLdapLMEmptyRolesCtxDnOptionTestCasee7b6b29d,o=primary,dc=jboss,dc=org, (0x63 0x6E 0x3D 0x45 0x63 0x68 0x6F 0x2C 0x6F 0x75 0x3D 0x52 0x6F 0x6C 0x65 0x73 0x32 0x2C 0x6F 0x3D 0x41 0x64 0x76 0x61 0x6E 0x63 0x65 0x64 0x4C 0x64 0x61 0x70 0x4C 0x4D 0x45 0x6D 0x70 0x74 0x79 0x52 0x6F 0x6C 0x65 0x73 0x43 0x74 0x78 0x44 0x6E 0x4F 0x70 0x74 0x69 0x6F 0x6E 0x54 0x65 0x73 0x74 0x43 0x61 0x73 0x65 0x65 0x37 0x62 0x36 0x62 0x32 0x39 0x64 0x2C 0x6F 0x3D 0x70 0x72 0x69 0x6D 0x61 0x72 0x79 0x2C 0x64 0x63 0x3D 0x6A 0x62 0x6F 0x73 0x73 0x2C 0x64 0x63 0x3D 0x6F 0x72 0x67 0x2C ) is invalid]; remaining name 'cn=Echo,ou=Roles2,o=AdvancedLdapLMEmptyRolesCtxDnOptionTestCasee7b6b29d,o=primary,dc=jboss,dc=org,'
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3074)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
> com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329)
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235)
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141)
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129)
> javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
> javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.obtainRole(AdvancedLdapLoginModule.java:801)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:737)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:403)
> org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
> org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
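The failure described in WFLY-6532 above, as an added example (not code from the PicketBox/JBoss Negotiation project): joining a found role name with rolesCtxDN by plain concatenation leaves a trailing comma when rolesCtxDN is empty, while composing the name from parsed RDNs does not. The class and method names and the sample DNs are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class RolesCtxDnJoin {

    // Hypothetical stand-in for the reported behaviour: the name returned by
    // the role search is always suffixed with "," + rolesCtxDN.
    static String joinNaive(String relativeName, String rolesCtxDN) {
        return relativeName + "," + rolesCtxDN;
    }

    // Builds the full DN from parsed RDNs. LdapName stores RDNs right to left,
    // so appending the relative RDNs to the context's RDNs gives
    // "<relative>,<context>", and an empty context contributes nothing.
    static String joinSafe(String relativeName, String rolesCtxDN)
            throws InvalidNameException {
        LdapName full = new LdapName(rolesCtxDN == null ? "" : rolesCtxDN.trim());
        full.addAll(new LdapName(relativeName).getRdns());
        return full.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values: {name returned by search, rolesCtxDN}.
        String[][] cases = {
            {"cn=Echo,ou=Roles2", "o=primary,dc=jboss,dc=org"},
            {"cn=Echo,ou=Roles2,o=primary,dc=jboss,dc=org", ""},
        };
        for (String[] c : cases) {
            String naive = joinNaive(c[0], c[1]);
            String safe = joinSafe(c[0], c[1]);
            System.out.printf("rolesCtxDN=\"%s\"%n  naive: %s%n  safe:  %s%n",
                    c[1], naive, safe);
            if (naive.endsWith(",")) {
                // This is the shape of the name in the reported exception.
                System.out.println("  naive result ends with a comma"
                        + " (rejected with LDAP error code 34 in the report)");
            }
        }
    }
}
```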
[JBoss JIRA] (JGRP-2027) NPE when handling incoming JGroups message
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2027?page=com.atlassian.jira.plugin.... ]
Bela Ban commented on JGRP-2027:
--------------------------------
What's the status? I didn't see when a header was not added to a message. The only time is before a channel is connected, but then no message can be sent anyway via the channel; this would throw an exception.
> NPE when handling incoming JGroups message
> ------------------------------------------
>
> Key: JGRP-2027
> URL: https://issues.jboss.org/browse/JGRP-2027
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.6.7
> Reporter: Radoslav Husar
> Assignee: Radoslav Husar
> Fix For: 3.6.10, 4.0
>
>
> Spotted by QE. Nothing in particular leading to this.
> {noformat}
> 05:34:46,660 ERROR [org.jgroups.protocols.UDP] (INT-1,ee,jboss-eap-7.0) JGRP000030: jboss-eap-7.0: failed handling incoming message: java.lang.NullPointerException
> 05:34:49,846 ERROR [org.jgroups.protocols.UDP] (INT-1,ee,dev212) JGRP000027: failed passing message up: java.lang.NullPointerException
> at org.jgroups.protocols.TP$SingleMessageHandler.run(TP.java:1801)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
[JBoss JIRA] (WFLY-5050) JSP Cross-Context Include Not Working
by Stuart Douglas (JIRA)
[ https://issues.jboss.org/browse/WFLY-5050?page=com.atlassian.jira.plugin.... ]
Stuart Douglas commented on WFLY-5050:
--------------------------------------
Wildfly 10 uses weld 2.3.2.Final, not weld 3
> JSP Cross-Context Include Not Working
> -------------------------------------
>
> Key: WFLY-5050
> URL: https://issues.jboss.org/browse/WFLY-5050
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 8.2.1.Final, 9.0.1.Final
> Environment: Java 8
> Reporter: Brett Prucha
> Assignee: Stuart Douglas
> Fix For: 10.0.0.Beta1
>
> Attachments: test.ear
>
>
> Including JSP files from a cross-context application results in various errors depending on how it's executed and which version of Wildfly (8 or 9) is being used.
[JBoss JIRA] (WFLY-5050) JSP Cross-Context Include Not Working
by sr mudiganti (JIRA)
[ https://issues.jboss.org/browse/WFLY-5050?page=com.atlassian.jira.plugin.... ]
sr mudiganti commented on WFLY-5050:
------------------------------------
Thank you for the quick reply. I will update the undertow core jar with the above commit file and test. Will let you know. Wildfly 10 uses Weld 3.0, which implements CDI specification 2.0 (URL: http://weld.cdi-spec.org/documentation/#9), and it looks like CDI 2.0 is still under development. So that's the reason I do not want to upgrade to Wildfly 10. Does Wildfly 10 support Weld 2.3?
[JBoss JIRA] (WFCORE-1270) Intermittent NPE registering a slave HC in mixed-domain test suite
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1270?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-1270:
------------------------------------------
BTW, I saw the same exception message on some other test run somewhere, so perhaps subsystem=weld is relevant.
> Intermittent NPE registering a slave HC in mixed-domain test suite
> ------------------------------------------------------------------
>
> Key: WFCORE-1270
> URL: https://issues.jboss.org/browse/WFCORE-1270
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Test Suite
> Affects Versions: 2.0.5.Final
> Reporter: Brian Stansberry
> Assignee: Kabir Khan
>
> I've occasionally seen test failures in the mixed domain tests when a testsuite cannot start because the slave HC can't register due to an NPE on the master:
> For example:
> http://brontes.lab.eng.brq.redhat.com/viewLog.html?buildId=82653&tab=buil...
> Critical log details:
> {code}
> 16:16:15,252 INFO [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final-redhat-1
> 16:16:15,363 INFO [org.jboss.as.process.Host Controller.status] (main) JBAS012017: Starting process 'Host Controller'
> [Host Controller] 16:16:15,871 INFO [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final-redhat-1
> [Host Controller] 16:16:16,015 INFO [org.jboss.msc] (main) JBoss MSC version 1.1.5.Final-redhat-1
> [Host Controller] 16:16:16,068 INFO [org.jboss.as] (MSC service thread 1-4) JBAS015899: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) starting
> [Host Controller] 16:16:16,625 INFO [org.xnio] (MSC service thread 1-2) XNIO Version 3.0.10.GA-redhat-1
> [Host Controller] 16:16:16,629 INFO [org.xnio.nio] (MSC service thread 1-2) XNIO NIO Implementation Version 3.0.10.GA-redhat-1
> [Host Controller] 16:16:16,657 INFO [org.jboss.remoting] (MSC service thread 1-2) JBoss Remoting version (unknown)
> [Host Controller] 16:16:16,705 INFO [org.jboss.as.remoting] (MSC service thread 1-2) JBAS017100: Listening on [::1]:19999
> INFO [org.jboss.as.test.integration.domain.management.util.DomainLifecycleUtil] ServerIdentity{name=server-one, host=slave, server-group=other-server-group} status is starting
> [Host Controller] 16:16:17,913 ERROR [org.jboss.as.controller.management-operation] (Host Controller Service Threads - 50) WFLYCTL0013: Operation ("read-master-domain-model") failed - address: ([]): java.lang.NullPointerException
> [Host Controller] at org.jboss.as.controller.registry.OperationTransformerRegistry$1.getResourceTransformer(OperationTransformerRegistry.java:83)
> [Host Controller] at org.jboss.as.controller.transform.ResourceTransformationContextImpl.resolveTransformer(ResourceTransformationContextImpl.java:235)
> [Host Controller] at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChild(ResourceTransformationContextImpl.java:285)
> [Host Controller] at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChildren(ResourceTransformationContextImpl.java:254)
> [Host Controller] at org.jboss.as.controller.transform.ResourceTransformer$1.transformResource(ResourceTransformer.java:53)
> [Host Controller] at org.jboss.as.controller.transform.description.TransformingDescription$3.invokeNext(TransformingDescription.java:161)
> [Host Controller] at org.jboss.as.controller.transform.description.AttributeTransformationRule.transformResource(AttributeTransformationRule.java:103)
> [Host Controller] at org.jboss.as.controller.transform.description.TransformingDescription.transformResource(TransformingDescription.java:167)
> [Host Controller] at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChild(ResourceTransformationContextImpl.java:289)
> [Host Controller] at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChildren(ResourceTransformationContextImpl.java:254)
> [Host Controller] at org.jboss.as.controller.transform.ResourceTransformer$1.transformResource(ResourceTransformer.java:53)
> [Host Controller] at org.jboss.as.controller.transform.TransformersImpl.transformRootResource(TransformersImpl.java:115)
> [Host Controller] at org.jboss.as.domain.controller.operations.ReadMasterDomainModelUtil.readMasterDomainResourcesForInitialConnect(ReadMasterDomainModelUtil.java:88)
> [Host Controller] at org.jboss.as.domain.controller.operations.ReadDomainModelHandler.execute(ReadDomainModelHandler.java:51)
> [Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:890)
> [Host Controller] at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:659)
> [Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)
> [Host Controller] at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1343)
> [Host Controller] at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:395)
> [Host Controller] at org.jboss.as.controller.AbstractControllerService.internalExecute(AbstractControllerService.java:408)
> [Host Controller] at org.jboss.as.host.controller.DomainModelControllerService.access$900(DomainModelControllerService.java:175)
> [Host Controller] at org.jboss.as.host.controller.DomainModelControllerService$InternalExecutor.execute(DomainModelControllerService.java:1229)
> [Host Controller] at org.jboss.as.host.controller.mgmt.HostControllerRegistrationHandler$RegistrationContext.processRegistration(HostControllerRegistrationHandler.java:424)
> [Host Controller] at org.jboss.as.host.controller.mgmt.HostControllerRegistrationHandler$RegistrationContext.access$400(HostControllerRegistrationHandler.java:334)
> [Host Controller] at org.jboss.as.host.controller.mgmt.HostControllerRegistrationHandler$InitiateRegistrationHandler$1.execute(HostControllerRegistrationHandler.java:230)
> [Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363)
> [Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:465)
> [Host Controller] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [Host Controller] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [Host Controller] at java.lang.Thread.run(Thread.java:745)
> [Host Controller] at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> [Host Controller]
> [Host Controller] 16:16:17,935 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010900: Could not connect to remote domain controller at remote://[::1]:9999 -- 1-$-WFLYCTL0158: Operation handler failed: java.lang.NullPointerException
> [Host Controller] 16:16:17,936 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS016581: No domain controller discovery options remain.
> [Host Controller] 16:16:17,939 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010901: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: JBAS016519: Tried all domain controller discovery option(s) but unable to connect
> {code}
[JBoss JIRA] (WFCORE-1482) list-add operation doesn't work on login-modules attribute
by Brian Stansberry (JIRA)
Brian Stansberry created WFCORE-1482:
----------------------------------------
Summary: list-add operation doesn't work on login-modules attribute
Key: WFCORE-1482
URL: https://issues.jboss.org/browse/WFCORE-1482
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Affects Versions: 2.1.0.Final
Reporter: Bartosz Spyrko-Śmietanko
Assignee: Tomaz Cerar
Executing list-add operation on login-modules results in the modules being replaced instead of appending new module.
[JBoss JIRA] (WFLY-6530) list-add operation doesn't work on login-modules attribute
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-6530?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-6530:
----------------------------------------
I'm going to move this to WFCORE because that's where the problem is. It's not specific to this particular attribute.
I believe the problem is AbstractCollectionHandler L91, which should not be a simple context.readResource(ForUpdate). Instead the handler needs to create a "response" ModelNode, create a "read-attribute" operation, pass in those two params to add a step to execute that op, and then another step that uses the data in the now-populated response node to do the rest of the manipulation.
Basically, calling context.readResource(ForUpdate) only works if the attribute value is stored in the Resource's internal model. In this case it is not; it's synthetically derived by reading the child resources.
A twist is that adding a step with the read-resource op is not going to acquire the controller lock before the read, so you could have a race where the read is done, then another op writes, changing the relevant model, and then the write executes, overwriting the other op's change. Sure, it's a 1 in 1,000,000,000 case, but the simple solution is to call context.acquireControllerLock before adding the steps if requiredReadWriteAccess == true.
> list-add operation doesn't work on login-modules attribute
> ----------------------------------------------------------
>
> Key: WFLY-6530
> URL: https://issues.jboss.org/browse/WFLY-6530
> Project: WildFly
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 2.1.0.Final
> Reporter: Bartosz Spyrko-Śmietanko
> Assignee: Tomaz Cerar
>
> Executing list-add operation on login-modules results in the modules being replaced instead of appending new module.